
9564 matches found

CVE
added 2025/03/25 11:0 p.m., 69 views

CVE-2025-30222

Shescape vulnerability (CVE-2025-30222) affects versions 1.7.2–2.1.1 of the JavaScript shell-escape library. On Windows, when shell: 'cmd.exe' or shell: true is configured and any of quote/quoteAll/escape/escapeAll is used, an attacker may gain read-only access to environment variables due to env...

CVSS: 5.9, AI score: 7, EPSS: 0.00107
Exploits: 0, References: 4
Vulnrichment
added 2025/03/25 11:0 p.m., 3 views

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVSS: 5.9, AI score: 7, EPSS: 0.00107
Exploits: 0, References: 4
OSV
added 2025/03/25 11:0 p.m., 6 views

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVSS: 5.9, AI score: 6.7, EPSS: 0.00107
Exploits: 0, References: 6
Cvelist
added 2025/03/25 11:0 p.m., 6 views

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVSS: 5.9, EPSS: 0.00107
Exploits: 0, References: 4
SUSE Linux
added 2025/03/25 2:8 a.m., 2 views

Security update for freetype2

This update for freetype2 fixes the following issues: CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

CVSS: 9.2, AI score: 7.2, EPSS: 0.70344
Exploits: 0, References: 4
NVD
added 2025/03/25 12:15 a.m., 9 views

CVE-2025-2720

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data...

Exploits: 0
OSV
added 2025/03/25 12:15 a.m., 3 views

CVE-2025-2720

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data...

AI score: 4.1
Exploits: 0, References: 1
Veeam
added 2025/03/25 12:0 a.m., 12 views

"SharePoint Server backup is not configured for this organization."

Challenge: A SharePoint backup job in Veeam Data Cloud for Microsoft 365 fails with the following error: "SharePoint Server backup is not configured for this organization." Note: This error occurs despite SharePoint being correctly configured in Microsoft 365. Cause: The issue occurs for specific...

AI score: 6.7
Exploits: 0, Affected Software: 1
Cvelist
added 2025/03/24 11:31 p.m., 13 views

CVE-2025-2720

...

Exploits: 0
Debian CVE
added 2025/03/24 11:31 p.m., 5 views

CVE-2025-2720

Removed by vendor...

AI score: 4.8
Exploits: 0
CVE
added 2025/03/24 11:31 p.m., 53 views

CVE-2025-2720

The CVE-2025-2720 entry has technical detail in a connected document: it describes a vulnerability in GNOME libgsf affecting the gsf_base64_encode_simple function. The issue arises from local-access exploitation where manipulating the size argument can cause use of an uninitialized variable. Reme...

AI score: 7
Exploits: 0
Positive Technologies
added 2025/03/24 12:0 a.m., 2 views

PT-2025-12685

Name of the Vulnerable Software and Affected Versions: GNOME libgsf versions up to 1.14.53. Description: A critical issue affects the function gsf_prop_settings_collect_va due to the manipulation of the argument n_alloced_params, leading to a heap-based buffer overflow. This issue requires local...

CVSS: 5.3, AI score: 6.4
Exploits: 0, References: 18
RedhatCVE
added 2025/03/22 12:47 p.m., 6 views

CVE-2024-8238

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr function from RestrictedPython. This version does not protect against the str.format_map method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

CVSS: 8.1, AI score: 7.3, EPSS: 0.0039
Exploits: 1, References: 1
OSV
added 2025/03/21 1:17 p.m., 2 views

OESA-2025-1300 freetype security update

FreeType is written in C, designed to be small, efficient, highly customizable, and portable while capable of producing high-quality output glyph images of most vector and bitmap font formats. Security Fixes: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of...

CVSS: 8.1, AI score: 8, EPSS: 0.70344
Exploits: 0, References: 2
Tenable Nessus
added 2025/03/21 12:0 a.m., 8 views

Autodesk 2025 < 2025.1.2 Multiple Vulnerabilities (AutoCAD) (adsk-sa-2025-0001)

The 2025 version of Autodesk AutoCAD installed on the remote Windows host is a version prior to 2025.1.2. It is, therefore, affected by multiple vulnerabilities: - A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00379
Exploits: 0, References: 10
SUSE Linux
added 2025/03/19 6:34 p.m., 3 views

Security update for freetype2

This update for freetype2 fixes the following issues: CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

CVSS: 9.2, AI score: 7.4, EPSS: 0.70344
Exploits: 0, References: 4
OSV
added 2025/03/19 6:34 p.m., 12 views

SUSE-SU-2025:0960-1 Security update for freetype2

This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465)...

CVSS: 8.1, AI score: 7.3, EPSS: 0.70344
Exploits: 0, References: 3
RedhatCVE
added 2025/03/19 12:24 a.m., 15 views

CVE-2025-30143

Rule 3000216 before version 2 in Akamai App & API Protector with Akamai ASE before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties...

CVSS: 5.4, AI score: 7, EPSS: 0.00195
Exploits: 0, References: 1
RedHat Linux
added 2025/03/18 12:28 a.m., 0 views

microcode_ctl: Improper input validation in UEFI firmware CseVariableStorageSmm

Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00022
Exploits: 0, References: 5
Zero Day Initiative
added 2025/03/18 12:0 a.m., 7 views

Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00183
Exploits: 0, References: 1